<?php

/**
 * Stone大叔💯 
 * ============================================================================
 * ----------------------------------------------------------------------------
 * <><><><><><><><><><><><><>有妹子加微信不哦！~<><><><><><><><><><><><><><><><>
 * ----------------------------------------------------------------------------
 * ============================================================================
 * $Author: Stone大叔💯 $
 * 2010-03-25 06:35:46Z Stone大叔💯 $
 */

namespace Stone\Core;
use Stone\Library\Exception;
/**
 * XssCheck: coarse cross-site-scripting filter applied to the request URI.
 *
 * @author Administrator
 */
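class XssCheck {
    /**
     * Reject requests whose URI carries markup-like content.
     *
     * The raw REQUEST_URI is URL-decoded twice, so both singly and doubly
     * percent-encoded characters are seen. It is then upper-cased and
     * searched for '<', '"' and the CONTENT-TRANSFER-ENCODING marker; the
     * last was added for the IE MHTML vulnerability.
     *
     * NOTE(security): this is a deny-list over the request URI only. Request
     * bodies, cookies and other headers are not inspected here, so values
     * must still be escaped for their output context (HTML, attribute, JS,
     * URL) where they are rendered. Treat this check as defence in depth,
     * not as the sole XSS control.
     *
     * @return void
     * @throws Exception with message "request_tainting" when a marker is found
     */
    public static function check() {
        // REQUEST_URI may be absent (e.g. CLI invocation). Fall back to an
        // empty string instead of raising an undefined-index warning and
        // passing null to urldecode().
        $rawUri = (isset($_SERVER['REQUEST_URI']) && is_string($_SERVER['REQUEST_URI']))
            ? $_SERVER['REQUEST_URI']
            : '';

        // Upper-casing makes the header-name comparison case-insensitive.
        $decoded = strtoupper(urldecode(urldecode($rawUri)));

        foreach (array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $marker) {
            if (strpos($decoded, $marker) !== false) {
                throw new Exception("request_tainting");
            }
        }
    }
}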
